GC Notify practices continuous security
We embed security specialists on our team and treat security priorities as design constraints. We use automation and metrics to facilitate security operations.
Recognizing the role of communication in maintaining security, we:
- Simplify language so non-specialist staff can participate.
- Reduce paperwork to focus on useful and specific documents.
- Select a precise combination of security policies, practices, and products for GC Notify. This combination is referred to as security controls.
To identify these controls, we considered GC Notify’s need for:
- Confidentiality: Preventing unauthorized access to information.
- Integrity: Preventing changes to or removal of information.
- Availability: Maintaining operations during events such as power outages or natural disasters.
We hired an independent security assessor to build our security profile based on these needs.The assessor selected our security controls from the list for Protected B Medium Integrity/Medium Availability (PBMM). PBMM is a security profile for the Government of Canada.
With the use of these controls and other safeguards, the remaining or residual risk of operating GC Notify is acceptable. CDS’s Chief Executive Officer has given GC Notify authority to operate (ATO). CDS will reassess this authority in 3 years.
To request our ATO documents, contact us.
Use GC Notify to send Protected A messages
GC Notify uses encryption: we scramble information that passes between your browser and our server. This prevents unauthorized access. The information remains encrypted while within GC Notify. This, in part, is why our security profile is PBMM.
But when you send with GC Notify, personal information populates a template to create individual email and text messages. Text messages are not encrypted during transit. At some points in transit, email messages may also be unencrypted.
Other governments, organizations or people may be able to read and interfere when the message:
- Travels to the recipient.
- Reaches the recipient’s email address or phone number.
When you send messages with GC Notify, your organization is responsible for:
- Assessing context to decide what degree of injury could result from release of information in a message and,
- Based on your assessment, deciding on the sufficient level of security. If Protected A or under is not sufficient, we recommend against using GC Notify.
We keep personal information for 7 days
After 7 days, we keep only non-identifying statistics, such as time of sending, sending method, and number of messages sent. To reduce retention of your organization’s information to 3 days, send a request.
We dispose of personal information following the TBS Standard on Privacy and Web Analytics. We never give the information to another service provider, whether public or private. For more information, read GC Notify’s Privacy statement.
We control access to information in GC Notify
Amazon Web Services (AWS) provides our computer power, physical storage and cloud environment. AWS resources automatically increase or decrease as appropriate for our needs. Our needs vary at any given time, based on the amount of activity or outgoing messages.
GC Notify controls access to information in the cloud. We prevent and detect unauthorized access using automated practices called guardrails.
We restrict our staff’s access to information based on role and regularly audit access and permissions. We include safeguards to onboard and offboard GC Notify staff.
We also monitor GC Notify to record activity and receive alerts about anything suspicious.
We take steps to protect your account
When you sign in, we send a one-time code to your email or phone. You’ll need to enter the code to finish signing in.
We use a process called hashing to securely store and verify your password. Hashing ensures that passwords cannot be deciphered or reconstructed, even by GC Notify staff. If you forget or lose your password, you’ll have to create a new one.
If we suspect your account is compromised, we’ll immediately suspend or downgrade your access. We’ll also make you change your password and create new access keys for your API.
We prevent, detect, address, and minimize risks
- Automated tools that scan GC Notify for flaws.
- Security updates at our earliest opportunity. For more details, refer to our patching strategy.
- Staff from other organizations as reviewers and penetration testers.
- CCCS’s cloud-based sensor to monitor for suspicious activity. We’ve installed the sensor in our cloud environment.
- The TBS Security Playbook for Information System Solutions. The playbook sets the roles and responsibilities of team members before, during and after a security incident.
For a copy of our Security assessment, contact us.
Your organization can enhance security
You can set different user permissions in GC Notify. This lets you control who in your team has access to certain parts of the service.
You can also request additional protections. For example, you can request that we log each time GC Notify staff accesses information in your account.
You can enhance the security of your own account
You can add a hardware-based security key, such as a YubiKey, to sign in. The key verifies your identity.
When sending messages, you may need to include sensitive information such as security codes or links to reset passwords. Before you send, you can choose to prevent GC Notify from displaying the information on your device’s screen. Then only the recipient can read the message and only GC Notify staff can access the hidden information.
If you suspect a security breach or discover a vulnerability
As soon as possible, learn what to do by visiting the CDS Security page.
If there’s a breach, CDS and GC Notify have procedures for:
- Responding to security incidents.
- Informing your organization and recipients.
Last updated: September 7, 2022